Re: [NSE] New httpspider library and http-email-harvest script

[Djalal Harouni <tixxdz () opendz org>]

On Thu, Dec 08, 2011 at 01:43:09PM +0100, Martin Holst Swende wrote:
> On 12/06/2011 11:50 PM, Patrik Karlsson wrote:
> > Hi all,
> >
> > I've just committed (r27349) a httpspidering library inspired by Paulino's
> > previous work.
> > The script http-email-harvest is the first script that makes us of it and
> > collects e-mail addresses from spidered web content.
> >
> > Comments and feedback are, as always, welcome.
> >
> > Cheers,
> > Patrik
> Cool,
> Would it be possible to have a prerule script which modifies the
> http-library to enable 'sniffing' of different things, such as email.
> Consider the following:
>
> nmap --script http-grep, http-enum --script-args
> http-grep.harvest="email,stacktraces,plaintext_login,cookienames,
> serverbanners"  <target>
>
> For that to work, the http-grep would have to monkeypatch the http
> library and add a couple of 'greppers' which would analyse all http
> responses before they are
> passed to http-enum. Then we could add a bunch of greppers which would
> be very simple to implement and could be used anytime http is used, and
> leverage existing
> http-scripts.
>
> The email-harvest script could be replaced by
> nmap --script http-grep, http-spider --script-args
> http-grep.harvest="email" <target>
>
> Is it at all possible for a pre-rule script to do this? Would it make
> sense?
We could do better than a script that modifies a library, we can register
callbacks in http-enum etc. There is the "Improve NSE HTTP architecture" [1]
proposal (without code).

[1] http://seclists.org/nmap-dev/2011/q2/967

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/